
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-5754 is a vulnerability discovered in the Zephyr Bluetooth host related to the encryption procedure. The vulnerability was disclosed on September 13, 2024, affecting Zephyr versions 3.6 and earlier. The issue exists in the way the host code handles encryption procedures, where it incorrectly trusts and uses encryption change event parameters (Zephyr Advisory).
The vulnerability occurs when a malicious Bluetooth Peripheral imitates a Negative Reply with a REJECT_IND or REJECT_EXT_IND using success error codes. The host code incorrectly trusts evt->errorcode rather than evt->encrypt in many cases, so much of the host assumes the ACL is encrypted even though the peripheral rejected encryption. This affects multiple protocol layers, including L2CAP, ATT, SMP, and the application layer, and particularly impacts cases such as isochronous channels, where an audio stream may be established on a supposedly encrypted link (Zephyr Advisory).
The vulnerability has been assigned a High severity rating with a CVSS score of 8.2. It primarily affects data confidentiality with high impact and integrity with low impact, while having no direct impact on availability. The vulnerability can be exploited from an adjacent network location without requiring privileges or user interaction (Zephyr Advisory).
A workaround has been proposed to translate the status field of the encryption change event to 'UNSPECIFIED' if the procedure was rejected and the link is not encrypted. This can be implemented either in the controller or in the host. Patches have been developed for multiple versions: main (#73945), v3.6 (#74124), v3.5 (#74123), and v2.7 (#74122) (Zephyr Advisory).
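The host-side form of that workaround, as an added sketch that is not the Zephyr patch or code from the advisory: a success status is translated to the HCI "Unspecified Error" code (0x1F) when the event reports encryption off while the host is waiting for encryption to start. The struct and function names are hypothetical, and the events are constructed sample input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HCI_ERR_SUCCESS     0x00
#define HCI_ERR_UNSPECIFIED 0x1f /* HCI "Unspecified Error" */

/* Parameters of the HCI Encryption Change event. */
struct enc_change_evt { uint8_t status; uint16_t handle; uint8_t encrypt; };

/* Hypothetical per-link host state (not Zephyr's struct bt_conn). */
struct link { bool enc_requested; bool encrypted; };

/* The workaround: a "success" status on an event that reports encryption
 * off, while the host is waiting for encryption to start, is a rejection. */
static uint8_t effective_status(uint8_t status, uint8_t encrypt, bool enc_requested)
{
    if (status == HCI_ERR_SUCCESS && encrypt == 0 && enc_requested) {
        return HCI_ERR_UNSPECIFIED;
    }
    return status;
}

/* Update link state from the event; only a real success sets 'encrypted'. */
static uint8_t handle_enc_change(struct link *l, const struct enc_change_evt *evt)
{
    uint8_t status = effective_status(evt->status, evt->encrypt, l->enc_requested);

    l->enc_requested = false;
    if (status == HCI_ERR_SUCCESS) {
        l->encrypted = (evt->encrypt != 0);
    }
    return status;
}

/* Run one constructed event against a link with encryption pending. */
static bool link_encrypted_after(uint8_t status, uint8_t encrypt)
{
    struct link l = { .enc_requested = true, .encrypted = false };
    struct enc_change_evt evt = { .status = status, .handle = 0x0001, .encrypt = encrypt };

    handle_enc_change(&l, &evt);
    return l.encrypted;
}

int main(void)
{
    printf("rejected, status=success: encrypted=%d\n", link_encrypted_after(0x00, 0x00));
    printf("genuine encryption start: encrypted=%d\n", link_encrypted_after(0x00, 0x01));
    return 0;
}
```

Upper layers then gate on the link's encrypted flag, which is set only from the event's encrypt field after the status has been sanitized, never from the status alone.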
Source: This report was generated using AI